Overview
The Exim mail server contains a buffer overflow that could allow a remote attacker to execute arbitrary code on an affected system.
Description
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. The internal string handling functions of the Exim software contain a function called string_format(). The version of this function included with Exim versions prior to 4.70 contains a flaw that can result in a buffer overflow. An attacker can exploit this vulnerability by crafting message headers that are subsequently supplied to Exim logging functions. Note: this vulnerability has reportedly been exploited in the wild.
Impact
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the Exim server. A separate vulnerability in Exim could then allow the attacker to escalate privileges to root.
Solution
Apply an update
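To find hosts that still need the update, the following check (an added example, not part of the original advisory) extracts the Exim version from either `exim -bV` output or an SMTP greeting line and flags anything prior to 4.70, the threshold given in the Description. The function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added triage helper; not code from the advisory or from the Exim project.
# The threshold comes from the advisory text: "versions prior to 4.70".
FIXED_MAJOR=4
FIXED_MINOR=70

# Print the first "X.Y" or "X.Y.Z" that follows "Exim" or "Exim version".
exim_version_from() {
    printf '%s\n' "$1" |
        sed -nE 's/.*Exim( version)? ([0-9]+\.[0-9]+(\.[0-9]+)?).*/\2/p' |
        head -n 1
}

# Exit status: 0 = prior to 4.70 (affected), 1 = 4.70 or later,
# 2 = no Exim version found in the input.
exim_is_affected() {
    _ver=$(exim_version_from "$1")
    [ -n "$_ver" ] || return 2
    _major=${_ver%%.*}
    _rest=${_ver#*.}
    _minor=${_rest%%.*}
    # [ ... -lt ... ] compares in decimal, so "4.05" is handled correctly.
    if [ "$_major" -lt "$FIXED_MAJOR" ] ||
       { [ "$_major" -eq "$FIXED_MAJOR" ] && [ "$_minor" -lt "$FIXED_MINOR" ]; }
    then
        return 0
    fi
    return 1
}

# Constructed sample inputs (not captured from real hosts).
for line in \
    'Exim version 4.69 #1 built 28-Sep-2009 10:11:12' \
    '220 mx.example.test ESMTP Exim 4.72 Mon, 13 Dec 2010 14:29:00 +0000' \
    '220 mx.example.test ESMTP Postfix'
do
    rc=0
    exim_is_affected "$line" || rc=$?
    case $rc in
        0) echo "AFFECTED (prior to 4.70): $line" ;;
        1) echo "not affected by version:  $line" ;;
        *) echo "no Exim version found:    $line" ;;
    esac
done
```

A distribution package can carry a backported fix while still reporting a pre-4.70 version string, so treat a match as a prompt to check the package changelog rather than as proof of exposure.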
References
- http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
- http://www.exim.org/lurker/message/20101210.164935.385e04d0.en.html
- http://bugs.exim.org/show_bug.cgi?id=787
- http://git.exim.org/exim.git/commitdiff/24c929a2
- http://lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
- https://bugzilla.redhat.com/show_bug.cgi?id=661756
Acknowledgements
This vulnerability was discovered as a result of its exploitation in the wild. Sergey Kononenko provided confirmation and public analysis.
This document was written by Chad R Dougherty.
Other Information
CVE IDs: CVE-2010-4344
Severity Metric: 19.77
Date Public: 2010-12-07
Date First Published: 2010-12-13
Date Last Updated: 2010-12-13 14:29 UTC
Document Revision: 10